diff --git a/hosts/boron.cx.ts.hillion.co.uk/default.nix b/hosts/boron.cx.ts.hillion.co.uk/default.nix
index 57c73dd..49615a0 100644
--- a/hosts/boron.cx.ts.hillion.co.uk/default.nix
+++ b/hosts/boron.cx.ts.hillion.co.uk/default.nix
@@ -46,6 +46,7 @@
     ## Custom Services
     custom = {
       locations.autoServe = true;
+      www.global.enable = true;
       services = {
         gitea.actions = {
           enable = true;
@@ -106,9 +107,12 @@
         eth0 = {
           allowedTCPPorts = lib.mkForce [
             53 # DNS
+            80 # HTTP 1-2
+            443 # HTTPS 1-2
           ];
           allowedUDPPorts = lib.mkForce [
             53 # DNS
+            443 # HTTP 3
           ];
         };
       };
diff --git a/hosts/jorah.cx.ts.hillion.co.uk/default.nix b/hosts/jorah.cx.ts.hillion.co.uk/default.nix
index 88c9e71..fc6d4ee 100644
--- a/hosts/jorah.cx.ts.hillion.co.uk/default.nix
+++ b/hosts/jorah.cx.ts.hillion.co.uk/default.nix
@@ -22,7 +22,6 @@
     ## Custom Services
     custom = {
       locations.autoServe = true;
-      www.global.enable = true;
       services = {
         gitea.actions = {
           enable = true;
diff --git a/modules/services/homeassistant.nix b/modules/services/homeassistant.nix
index 0c1a033..7cf9de1 100644
--- a/modules/services/homeassistant.nix
+++ b/modules/services/homeassistant.nix
@@ -65,8 +65,8 @@ in
           http = {
             use_x_forwarded_for = true;
             trusted_proxies = with config.custom.dns.authoritative; [
-              ipv4.uk.co.hillion.ts.cx.jorah
-              ipv6.uk.co.hillion.ts.cx.jorah
+              ipv4.uk.co.hillion.ts.cx.boron
+              ipv6.uk.co.hillion.ts.cx.boron
             ];
           };
 
diff --git a/secrets/certs/blog.hillion.co.uk.pem.age b/secrets/certs/blog.hillion.co.uk.pem.age
index 054a638..945c6c0 100644
Binary files a/secrets/certs/blog.hillion.co.uk.pem.age and b/secrets/certs/blog.hillion.co.uk.pem.age differ
diff --git a/secrets/certs/gitea.hillion.co.uk.pem.age b/secrets/certs/gitea.hillion.co.uk.pem.age
index cd7cd9c..109c30b 100644
Binary files a/secrets/certs/gitea.hillion.co.uk.pem.age and b/secrets/certs/gitea.hillion.co.uk.pem.age differ
diff --git a/secrets/certs/hillion.co.uk.pem.age b/secrets/certs/hillion.co.uk.pem.age
index 7f296aa..b66f342 100644
Binary files a/secrets/certs/hillion.co.uk.pem.age and b/secrets/certs/hillion.co.uk.pem.age differ
diff --git a/secrets/certs/homeassistant.hillion.co.uk.pem.age b/secrets/certs/homeassistant.hillion.co.uk.pem.age
index da7e12b..3a8d56c 100644
Binary files a/secrets/certs/homeassistant.hillion.co.uk.pem.age and b/secrets/certs/homeassistant.hillion.co.uk.pem.age differ
diff --git a/secrets/certs/links.hillion.co.uk.pem.age b/secrets/certs/links.hillion.co.uk.pem.age
index 1b8728e..c39c328 100644
Binary files a/secrets/certs/links.hillion.co.uk.pem.age and b/secrets/certs/links.hillion.co.uk.pem.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index fde9875..fffbea9 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -123,9 +123,9 @@ in
   "homeassistant/secrets.yaml.age".publicKeys = jake_users ++ [ ts.home.microserver ];
 
   # Web certificates
-  "certs/hillion.co.uk.pem.age".publicKeys = jake_users ++ [ ts.cx.jorah ];
-  "certs/blog.hillion.co.uk.pem.age".publicKeys = jake_users ++ [ ts.cx.jorah ];
-  "certs/gitea.hillion.co.uk.pem.age".publicKeys = jake_users ++ [ ts.cx.jorah ];
-  "certs/homeassistant.hillion.co.uk.pem.age".publicKeys = jake_users ++ [ ts.cx.jorah ];
-  "certs/links.hillion.co.uk.pem.age".publicKeys = jake_users ++ [ ts.cx.jorah ];
+  "certs/hillion.co.uk.pem.age".publicKeys = jake_users ++ [ ts.cx.boron ];
+  "certs/blog.hillion.co.uk.pem.age".publicKeys = jake_users ++ [ ts.cx.boron ];
+  "certs/gitea.hillion.co.uk.pem.age".publicKeys = jake_users ++ [ ts.cx.boron ];
+  "certs/homeassistant.hillion.co.uk.pem.age".publicKeys = jake_users ++ [ ts.cx.boron ];
+  "certs/links.hillion.co.uk.pem.age".publicKeys = jake_users ++ [ ts.cx.boron ];
 }